But how do we ''older'' Information Assurance experts help bring in andtrain people to understand it?
A very good friend of mine recently decided to change career fields --moving from being a computer programmer to information assurance. It wasinteresting to hear how she went about getting ready for such a move,where she did research and some of the obstacles she faced. As anInformation Assurance professional, I thought I would share some of thehighlights in the hopes that we can use them when training our juniorfolks.
First there are the acronyms.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i Of course, as Information Assurance professionals, we use acronyms allthe time. There are the IPS (intrusion prevention systems) and IDS(intrusion detection systems). C&A (certification and accreditation) iscommonly used, as is COOP (continuity of operations). Then, there are allthe federal mandates for compliance that have been shortened, such as SOX(Sarbanes-Oxley) and FISMA (Federal Information Security Management Act).
As my friend put it, we talk in ''IA speak''.
So, the first thing we should do with our new employees is introduce themto the acronyms and language of Information Assurance. A good place tostart is the acronym or glossary appendix from one of your agencies'System Security Plan or System Security Authorization Agreement (SSAA).These should contain those acronyms used both in the InformationAssurance world, as well as those specific to your security environment.
There also are national-level documents that provide informationassurance words, acronyms and definitions. I would recommend using theNational Information Assurance Glossary, dated May 3 (NIST Inst. 4009),from the Committee on National Security Systems (CNSS). It's a goodstarting point.
There also are many websites that serve as good references for new (andold) Information Assurance professionals. One of my personal favorites isthe Information Assurance Security Environment (IASE) that is maintainedby the Defense Information Systems Agency (DISA). This website provides a great overview of theIA disciplines, as well as additional links to documentation. However, ifyou are not on a .mil address, you may not be able to get to all theinformation.
Another website for IA policies and processes is the